Exactly what are the risks of continuing to use Office 2010

Topic

New Reply

I’ve checked around using Google, but even ComputerWorld just mentions nebulous “security risks.” It seems weird seeing people say that you might be willing to take the risks without saying what they are.

Specifically, I’m wondering if there’s any risk beyond opening up untrusted Office files and allowing macros to run. Is there any other way that Office is exploited beyond this? If so, what are the vectors that are used?

Yes, I know about LibreOffice–and it’s what I tend to use. But I’ve still run into the occasional file where it messes up the formatting a bit, and  being able to open in Office 2010 and save to a different format is useful.

Reply | Quote

Replies

Risks? Emails that contain documents, or downloading documents, templates, etc.  I suppose if your machine is isolated with no network connection and you don’t share documents, then 2010 is good forever.
https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-320/version_id-154983/year-2016/Microsoft-Office-2010.html

Reply | Quote

“It seems weird seeing people say that you might be willing to take the risks without saying what they are.”

I agree. So I would ask you “What do you mean by risks (to you)?”

If you run a four-room twelve machines per room training centre, you are susceptible to a financial risk with each new version of Windows and/or Office, for your clients will insist that their people will be trained on Excel365″ or “Word2019”, even though the Introduction To Excel course uses only features found in Excel4.0.

If you provide paid training to your own clients, you are susceptible to temporal risk while you take fresh screen snapshots of every dialogue box in your training material and rebuild (and reprint, bind etc) each training manual.

Then you run the risk of alienating clients who are still using Office 2018/2017/2016/… or whatever.

If you are a VBA programmer you run risks such as having to upgrade your procedure libraries (“UW.dot”) to accommodate new features in the language. See for example “Declaring API functions in 64 bit Office” (https://www.jkp-ads.com/Articles/apideclarations.asp) which can involve extensive editing of your libraries and applications.

There is the temporal/fiscal risk of devoting your time to learning the quirks of the new version – menus change, shortcut keys change, and so on)

The list goes on.

I might add the risk of advancing to Office2019(say) and not knowing what might jump out and bite you! That is, risk of the unknown. That sort of risk leads to a further risk: Risk of NOT being able to roll back to your earlier version for whatever reason (Committed to training material, committed to changed program code).

I have no easy answers, but if you do have a specific type of risk in mind, making your own list of risks (or if you prefer, “fears”) will give you some real data on which you can act.

Cheers

Chris

Unless you're in a hurry, just wait.

Reply | Quote

I’m still using Office 2003 on six computers, five running Windows 7Pro SP1 x64 and one with Windows 10 (v. 2004).

I’m not saying it’s smart or a good idea, but I simply don’t like the ribbon and don’t need the “improvements” that have come into Office in the post-2003 versions.

I (and – I believe – a few other people) contend that the weakest link in the computer security chain is the user, so it’s ultimately up to me to be careful with what I download, open, etc. Of course I can be “fooled” and “careless”, but if that happens, it’s my fault and no one else’s.

I have what I hope is a reasonably good computer security system that includes Norton Security, MalwareBytes, and (when I think it’s necessary) Sandboxie and the VirusTotal website.

Beyond this, though, I try to devote the time and attention to look carefully at anything I download and any email attachment I receive.

Perhaps I should add that I guess I’m a relatively conservative web user, though I’m fanatic about keeping my software (besides Office) up to date.

Maybe I’m just lucky, but I’m happy to be able to say that since I got my first PC in 1986, I’ve never had a virus on any of the … hmmmm … 25-30 computers I’ve had over the years.

Today, my “main” machine, still runs on the original install of Win7 from 14 July 2009. Furthermore, as far as I can remember, I’ve never had to reinstall my OS on any of my machines. This goes back to (I think) DOS 3.2, which was installed on the “IBM compatible” computer I bought in back in ’86.

So what’s my point? Simply that I feel that other factors are just as important in maintaining security as the version of Office you use.

My case involves a home business that comprises exactly one person – me – so I’m able to maintain a reasonably good overview. Just so I don’t give the impression that I live in cocoon, though, over the years I’ve lived and worked in Germany, France, Saudi Arabia, and Yemen and have used my home PC in all of them. And in Germany, where I taught at a couple of universities, my work over fifteen years or so involved dealing with many thousands of student emails (many of which included MS Word attachments). And besides my teaching, my little translation business was (and remains) invariably based upon Word docs.

And beyond my own computers, since about 1999, I’ve also had the honor and pleasure of being responsible for my wife’s machines over the years. Hers, too, have (sometimes by the Grace of God, I think) managed to stay virus free and also have never required a reinstall of the OS.

I only hope I’m as successful with the Corona virus as I’ve managed to be with computer viruses.
🙂

3 users thanked author for this post.

AlphaCharlie, SueW, Charlie

Reply | Quote

As the world of difference between Chris’s reply and mine clearly shows, the use case is what ultimately provides the context necessary to meaningfully address the issue.

Reply | Quote

Since I retired I only use Word once in a great while to read an occasional letter from a neighborhood group that I know.  I still check it with my AV/Malware programs just to be sure.  It rarely gets used anymore, most correspondence I get is in pdf format.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

If the file you receive via email/the web/wherever “calls” your unprotected word/excel/outlook the attacker can launch the offending app.  Take this month’s Office patches – all are remote code execution that can be launched if an attacker gets you to open up the office document.  The one in particular that I would be more worried about is Outlook (preview pane and all that).  Not to mention as the email platforms tighten up their security you will get to a point where they will demand higher security (SSL/TLS cert mandates, app passwords things like that) where it won’t work with your ISP anymore.  Or if you have issues they won’t support you.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

Morty, Paul T

Reply | Quote